You may already know about the widely publicized heartbleed bug (http://heartbleed.com/) that may be impacting more than 500,000 systems across the Internet. Heartbleed is a bug in the OpenSSL program in v. 1.0.1 up to 1.1.f that is being used for encrypted communication in the VPN and web sites across the world. The design flaw in the program makes the information that seats in the resident memory exposed to the hacking. The information itself may contain user’s credentials including credit card numbers as well as private keys of your file server that are being used for encrypted communication.
This flaw may impact many communication systems that use VPN, SSL, Cisco IP phones, VMWare servers. We all appreciate when the flaw if discovered BEFORE actual attacks occur, so, this time it was a timely message to the world community, and most of the vendors applied the fix or workarounds.
There are few workarounds suggested:
1)
Change the communication port 443 being used by SSL
2)
Use the firewall rule to drop all SSL heartbeat
requests. For instance, with the iptables module (thanks to Coalfire.com guys
for tip):
iptables -t filter -A
INPUT -p tcp --dport 443 -m u32 --u32 \ 52=0x18030000:0x1803FFFF"
-j DROP
Perhaps, you can test if your site is vulnerable by using the following URL from Qualys SSL Lab: https://www.ssllabs.com/ssltest/
Below is the result of the test with RTEK2000.com site:
Quite a detailed report that will follow the Summary with contain plenty of
information about the certificates your site is using, algorithms, protocols,
ciphers, and even handshake simulation with all known browsers including
mobile.
Any confusing information can be investigated
further because the lab provides the links to more information. Highly
recommended!
